Recently, the Illinois Supreme Court considered the consequences of violating the Biometric Information Privacy Act (“Act”). The Act has been on the books for ten years, and during that time, the use of biometric data, such as finger prints, voice prints, or facial recognition, has grown by leaps and bounds. It is possible to unlock an iPhone merely by looking at it—using facial geometry.

As health care facilities move to biometric methods of identifying staff or clients, they will need to consider the ramifications of doing so. The Act requires entities that collect biometric data to first obtain informed consent, in writing, by the individual or their representative. In addition, the entity must have a policy and procedure for destroying the biometric data in accordance with the Act.

According to the Supreme Court, failure to abide by these procedures causes damage to the person whose biometric data was gathered. As a result, the entity can face liability in the amount of $1,000 to $5,000 per violation, or actual damages, plus attorneys’ fees. Considering the real risk of identity theft in this digital age, actual damages could easily exceed the statutory amounts.

Health insurance conglomerates like UnitedHealth Group, Aetna, and Anthem administer benefits and process medical claims for thousands of employee health insurance plans that are governed by the Employee Retirement Income Security Act (“ERISA”). Similarly, most health care providers furnish services to beneficiaries of numerous health insurance plans, meaning that the providers’ claims for payment are frequently processed and paid by companies like UnitedHealth, Aetna, or Anthem, acting as administrators for these plans. Beginning in 2007, UnitedHealth began a practice known as “cross-plan offsetting” in order to more easily recoup overpayments it had made to providers that were not in the health plans’ networks. Under cross-plan offsetting, an administrator for multiple health plans offsets overpayments made to an out-of-network provider under one health plan against the payments owed to that same provider under other health plans of that administrator. Cross-plan offsetting arises more often in the case of overpayments to out-of-network providers because health plans’ contracts with in-network providers usually permit recoupment of overpayments by withholding payment for subsequent services furnished by the in-network provider, and the in-network provider will generally furnish services to a plan’s beneficiaries much more often than an out-of-network provider will.

Some out-of-network providers have brought class actions on behalf of health plan beneficiaries challenging the legality of cross-plan offsetting. In a decision issued on January 15, 2019, the U.S. Court of Appeals for the Eighth Circuit ruled against UnitedHealth’s practice of cross-plan offsetting, finding that cross-plan offsetting was not authorized by the documents of the health plans in question. Peterson v. UnitedHealth Group, Inc., 2019 U.S. App. LEXIS 1270 (8th Cir.2019). Before addressing the merits of the challenge to cross-plan offsetting, however, the Eighth Circuit first addressed whether Dr. Peterson, the out-of-network provider bringing the class action on behalf of his patients, had standing as the representative of his patients to bring an action under ERISA. Health care providers generally do not have standing to bring an action under ERISA on their own behalf to recover benefits due under a health plan; instead, they must bring such an action under an assignment from the plan’s beneficiaries or as their representative. UnitedHealth contended that Dr. Peterson could not act as his patients’ representative because he had not adequately disclosed a conflict of interest relating to balance billing for out-of-network services. In rejecting this argument, the court found that having UnitedHealth pay for Dr. Peterson’s services “with money rather than with an offset” would be in both Dr. Peterson’s interest and the patients’ interest if the offset was not a valid payment of their obligation for the services. 2019 U.S. App. LEXIS 1270, *10-11. The court also found that the engagement letter signed by the patients adequately explained the potential conflict of interest.

The Eighth Circuit also rejected UnitedHealth’s interpretation of the plan documents as authorizing cross-plan offsetting. While recognizing that the documents of the various plans granted UnitedHealth broad authority to interpret and administer the plans, the court concluded that the text of the plan documents provided no basis for authorizing cross-plan offsetting. The court further observed tension between the practice of cross-plan offsetting and the requirements of ERISA:

While administrators like United may happen to be fiduciaries of multiple plans, nevertheless “each plan is a separate entity” and a fiduciary’s duties run separately to each plan. Standard Ins. Co. v. Saklad, 127 F.3d 1179, 1181 (9th Cir. 1997). Cross-plan offsetting is in tension with this fiduciary duty because it arguably amounts to failing to pay a benefit owed to a beneficiary under one plan in order to recover money for the benefit of another plan. While this benefits the later plan, it may not benefit the former. It also may constitute a transfer of money from one plan to another in violation of ERISA’s “exclusive purpose” requirement. 29 U.S.C. § 1104(a)(1).

2018 U.S. App. LEXIS 1270, *14-15. Although the Eighth Circuit did not specifically rule that cross-plan offsetting violated ERISA, it expressed skepticism regarding interpretations of plan documents “that authorize practices that push the boundaries of what ERISA permits.” 2018 U.S. App. LEXIS 1270, *15. This skepticism led the court to conclude that UnitedHealth’s interpretation of the plan documents was not reasonable and to uphold the district court’s grant of partial summary judgment in favor of the class action plaintiffs.

Christopher Crosswhite is a partner at Duane Morris’ Washington D.C. office who practices in the area of healthcare law.

The announcement caught the attention of CEOs, board members and other health leaders across the country as a pre-holiday reminder of the potential for individual civil and criminal liability arising out of compliance failures. Dr. Emil Dilorio, the founder, principal owner and CEO of Coordinated Health Holdings Co., a for-profit hospital and health system, agreed to settled allegations with the DOJ under the False Claims Act. The DOJ alleged that he and the company (which is on the hook for $11.25 million) submitted false claims to Medicare and other federal health care programs for orthopedic surgeries in a practice known as unbundling. Coordinated Health also had to enter into a five year Corporate Integrity Agreement – one of the most dreaded enforcement tools that HHS has in its arsenal. “The alleged corporate culture and leadership that promoted this conduct and allowed it to continue despite crystal clear warning is shameful,” said U.S. Attorney William M. McSwain of the Eastern District of Pennsylvania.

It is now an opportune time to assess your organization’s true corporate culture and determine whether your leadership appreciates its growing responsibilities and is equipped to fulfill those responsibilities in a meaningful way. Going through the motions of compliance education is simply not enough. The federal government has been very clear that it expects leadership, including boards, to understand their corporate governance responsibilities, their responsibilities regarding review and oversight of the organization’s compliance program, as well as applicable federal and state laws such as the False Claims Act.

While the OIG has stated that there is not a “one size fits all” program design for all compliance programs and that companies should tailor their compliance program designs, individuals who serve on for-profit and not-for-profit boards should make sure that they are fully equipped during the entire life cycle of their tenure. Board responsibility, particularly in the fast paced and highly regulated health care space, is not a static journey.

Moreover, each board member has a different baseline understanding of the industry, experience and skill set. Not every board member is living and breathing MACRA, ACOs, EMRs, CINs and AKS. But the old assumptions that health care has too many acronyms to bother lay members with or that the Stark law makes no sense and is not worth going over, have never been accurate and are definitely not in today’s enforcement environment. In fiscal year 2018 alone, the DOJ recouped $2.8 billion for False Claims Act cases.

Any prudent board member should make sure that either the organization’s current program is sufficiently tailored to that board’s individual needs or ask for additional and ongoing education and support. Initial education and ongoing refresh are just the beginning of an effective board compliance program. The OIG expects that board members understand their responsibilities to provide oversight for corporate compliance programs and to promote an ethical culture in their organizations. This is no small task. The regulatory framework is complex and in a state of flux, the OIG’s Work Plan is comprehensive and not the only determinant of focus areas and compliance risks, hospital operations are being reinvented to transition out of the fee for service model, and the reimbursement landscape is uncertain.

At a minimum, new and existing board members should look to understand the organization’s business models; organizational and governance structures; governing documents; authority matrix including any powers reserved for a parent or subsidiary board; board committee policies and procedures; D&O policies and scope of coverage; COI policies; current compliance plan; past years’ compliance plans and performance against the plans; significant compliance concerns that have led to self-disclosures or other self-reporting obligations; any recent or material government investigation; the terms of any Corporate Integrity Agreements; significant security or privacy breaches; processes and procedures in place relating to financial arrangements with physicians and physician groups; the fraud and abuse laws; medical necessity; billing and reimbursement basics; security obligations; and other key regulatory requirements that impact the organization.

Board members are also advised to meet the compliance lead, understand how issues are identified and remediated, and have access to the compliance team to answer any questions that may arise. Internal and, as appropriate, external counsel should be part of the process and partner with the compliance lead and board members, when necessary. These steps are important but not sufficient and every organization should continuously assess and improve its ongoing compliance strategy.

Service on a hospital board is an opportunity to serve and a privilege. It is also an obligation full of responsibilities. With so many issues competing for boards’ attention these days, the Coordinated Health settlement is a timely reminder that hospital leadership and boards cannot take their eyes off of the importance of compliance. The risk is too high to get lost in the alphabet soup.

Last year I did a series of blogs with my good friend, Karen Zupko of Karen Zupko and Associates, on physician contracting issues. I loved blogging with Karen. We used the blogs to educate our hospital and physician clients on common issues with respect to physician contracts. My favorite blog in the physician contracting blog series was the indemnification blog. Anyone who has worked with me on contracts knows that I have concerns about indemnification provisions in contracts. One of my proudest blogging moments was when a client said “now I get it” after I sent the indemnification blog to him. I sent the same blog to opposing counsel and we were able to successfully negotiate the indemnification language.

This year I am planning a series of blogs on governance and leadership in the context of healthcare mergers and acquisitions. This is blog 1 for 2019. Here is this year’s plan. The series will touch on strategic considerations in mergers and acquisitions, special issues for non-profits, governance dilemmas, deal breakers and exit plans. I’ll talk about lessons learned, bumps in the road, and next time, I’ll tell some funny stories and some not so funny stories, so stay tuned. The prevailing theme for the blog series will be thoughtful civility in mergers and acquisitions. If you have thoughts to share on the topic, email me at pshofstra@duanemorris.com. The Duane Morris blog format does not permit comments to be added to the blogs.

In counseling clients on M&A deals, it is critical to stress transaction nuances that may otherwise serve as an afterthought to a buyer or seller. While both parties reliably demonstrate laser focus on the big picture (i.e., the deal economics), there remain several purchase agreement provisions that can significantly affect a client’s allocation of risk, including representations and warranties, and indemnification provisions. Continue reading Healthcare M&A Corner – The Materiality Scrape: Buyers Rejoice; Sellers Beware→

The enforceability of non-competition clauses depends on a number of factors. Non-competition clauses are viewed in the context of anti-trust laws as a restraint of trade and disfavored. Consequently, the entity seeking to enforce a non-compete must be able to prove a legitimate business reason for the non-compete. A number of states flat out prohibit non-competition agreements, while other states enforce non-competition agreements on a case by case basis. In some states where non-compete provisions that restrict the physician’s right to practice medicine are considered void and not enforceable as a matter of law, employers may be able to sue the departing physician for monetary damages suffered because of the competition. Continue reading Non-Competition Clauses – Make No Assumptions→

Last month I wrote about the hearing to be held by the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations regarding federal efforts to ensure quality of care and resident safety in nursing homes.

The Director of Health Care for the GAO focused his opening remarks on the GAO study of nursing homes that concluded in 2015. The next year, CMS instituted sweeping regulatory changes. So it remains to be seen how CMS’ new requirements of participation will impact the issues found in the GAO report. Ruth Ann Dorrill, Regional Inspector General, HHS OIG noted that the OIG previously made two recommendations to CMS to improve quality of care in nursing homes. First, to provide guidance to nursing homes about detecting and reducing harm to be included in facility Quality Assurance and Performance Improvement programs. Second, to instruct State Agencies to review facility practices for identifying and reducing adverse events, and link related deficiencies specifically to resident safety practices. CMS implemented these recommendations on adverse events in nursing homes as of August 2018.

The focus on deficiencies by the State Agencies is disappointing. Deficiencies result in civil money penalties, further reducing the resources available to care for nursing home residents. Ms. Dorrill testified that nursing home residents often have care needs similar to patients in hospitals. However, nursing homes are not reimbursed at the same rate as hospitals and, yet, are expected to provide similar care. It seems as though the residents are getting lost in the ever increasing cycle of regulation and enforcement. Regulatory oversight sounds good on paper, but does it work?

On October 24, 2018, President Donald Trump signed the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (SUPPORT Act), a combination of a number of previously passed House and Senate bills related to addressing the opioid crisis. One of the provisions of this lengthy bipartisan package of bills includes an expansion of the disclosure requirements initially imposed by the Physician Payments Sunshine Act.

Today’s blog addresses compensation and benefits; a complicated subject of upmost interest to our clients. The blog touches on major points to consider regarding compensation and benefits. Physicians and physician groups must consult with compensation experts and legal counsel to insure that they understand the best possible, regulatory compliant compensation model for their needs. There are pros and cons and multiple variations of each model. Continue reading Physician Compensation→

Three teaching hospitals allowed a documentary to be filmed at their hospitals to provide viewers with information regarding the care that academic medical centers deliver. Despite the fact that the hospitals received no patient complaints regarding the filming, and the hospitals took steps to avoid violating HIPAA by having the film producers get written permission from patients to participate in the film and the hospitals required the film crews to have HIPAA training, the hospitals paid nearly $1 million to the federal Health and Human Services Office for Civil Rights (OCR) for alleged HIPAA violations. The hospitals are also required to follow corrective action plans and be monitored by the OCR .

This is the second time that OCR has gone after hospitals for alleged HIPAA violations associated with medical documentary filming.

Apparently, according to the OCR, the hospitals, not the producers, should have gotten the patients’ authorizations before allowing the producers to film on site and that mistake cost the hospitals a total of $999,000.